Merge branch 'revert-db93eb91' into 'master'

Revert "Merge branch 'revert-92a25640' into 'master'" See merge request gitlab-org/gitlab-workhorse!268

Merge branch 'revert-db93eb91' into 'master'
Revert "Merge branch 'revert-92a25640' into 'master'" See merge request gitlab-org/gitlab-workhorse!268
ebb62ecc · Kamil Trzciński (OoO till 3th) · db93eb91 · f528eb7c · ebb62ecc · ebb62ecc
Commit ebb62ecc authored Jul 04, 2018 by Kamil Trzciński (OoO till 3th)
Showing with 35 additions and 7 deletions

internal/upload/accelerate.go internal/upload/accelerate.go +8 -6

internal/upload/skip_rails_authorizer.go internal/upload/skip_rails_authorizer.go +22 -0

internal/upstream/routes.go internal/upstream/routes.go +5 -1

No files found.
--- a/internal/upload/accelerate.go
+++ b/internal/upload/accelerate.go
@@ -25,13 +25,15 @@ type MultipartClaims struct {
 	jwt.StandardClaims
 }

-func Accelerate(tempDir string, h http.Handler) http.Handler {
-	// TODO: for Object Store this will need a authorize call
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		localOnlyPreAuth := &api.Response{TempPath: tempDir}
+type PreAuthorizer interface {
+	PreAuthorizeHandler(next api.HandleFunc, suffix string) http.Handler
+}
+
+func Accelerate(rails PreAuthorizer, h http.Handler) http.Handler {
+	return rails.PreAuthorizeHandler(func(w http.ResponseWriter, r *http.Request, a *api.Response) {
 		s := &savedFileTracker{request: r}
-		HandleFileUploads(w, r, h, localOnlyPreAuth, s)
-	})
+		HandleFileUploads(w, r, h, a, s)
+	}, "/authorize")
 }

 func (s *savedFileTracker) ProcessFile(_ context.Context, fieldName string, file *filestore.FileHandler, _ *multipart.Writer) error {

--- a/internal/upload/skip_rails_authorizer.go
+++ b/internal/upload/skip_rails_authorizer.go
+package upload
+
+import (
+	"net/http"
+
+	"gitlab.com/gitlab-org/gitlab-workhorse/internal/api"
+)
+
+// SkipRailsAuthorizer implements a fake PreAuthorizer that do not calls rails API and
+// authorize each call as a local only upload to TempPath
+type SkipRailsAuthorizer struct {
+	// TempPath is the temporary path for a local only upload
+	TempPath string
+}
+
+// PreAuthorizeHandler implements PreAuthorizer. It always grant the upload.
+// The fake API response contains only TempPath
+func (l *SkipRailsAuthorizer) PreAuthorizeHandler(next api.HandleFunc, _ string) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		next(w, r, &api.Response{TempPath: l.TempPath})
+	})
+}
--- a/internal/upstream/routes.go
+++ b/internal/upstream/routes.go
@@ -145,7 +145,8 @@ func (u *Upstream) configureRoutes() {
 		sendurl.SendURL,
 	)

-	uploadAccelerateProxy := upload.Accelerate(path.Join(u.DocumentRoot, "uploads/tmp"), proxy)
+	uploadPath := path.Join(u.DocumentRoot, "uploads/tmp")
+	uploadAccelerateProxy := upload.Accelerate(&upload.SkipRailsAuthorizer{TempPath: uploadPath}, proxy)
 	ciAPIProxyQueue := queueing.QueueRequests("ci_api_job_requests", uploadAccelerateProxy, u.APILimit, u.APIQueueLimit, u.APIQueueTimeout)
 	ciAPILongPolling := builds.RegisterHandler(ciAPIProxyQueue, redis.WatchKey, u.APICILongPollingDuration)

@@ -182,6 +183,9 @@ func (u *Upstream) configureRoutes() {
 			),
 		),

+		// Uploads
+		route("POST", projectPattern+`uploads\z`, upload.Accelerate(api, proxy)),
+
 		// For legacy reasons, user uploads are stored under the document root.
 		// To prevent anybody who knows/guesses the URL of a user-uploaded file
 		// from downloading it we make sure requests to /uploads/ do _not_ pass